Two thirds of hotel websites leak guest data

Around two-thirds of hotel websites carelessly leak some guest personal data to third-party companies which could also leave them susceptible to scammers, according to a new report.

Cyber security firm Symantec found that booking confirmation emails sent to guests frequently contain links to their booking which are not encrypted, which means anyone on the same network could feasibly get access to the data, including hackers.

This lack of security also allows third-party sites such as advertisers to view personal information.

“The fact that this issue exists, despite the GDPR coming into effect in Europe almost one year ago, suggests that the GDPR’s implementation has not completely addressed how organisations respond to data leakage,” said Candid Wueest, principal threat researcher at Symantec.

The company looked at more than 1,500 hotel websites in 54 countries, ranging from two- to five-star properties.

Data which was unwittingly leaked includes names, email addresses, passport numbers and some credit card details

Wueest said data privacy officers at a quarter of all hotels did not reply within six weeks when notified of security issues.

Link to article